Splunk IT Service Intelligence

In Splunk IT Service Intelligence, what are the required log sources and expected volumes of data?

evelenke
Contributor

Hi Splunkers,

I will appreciate any approximate estimates on expected volumes and sources of data that will satisfy general needs for a nice functionality of ITSI in a mixed environment with, for example, 100 or 1000 hosts.

0 Karma
1 Solution

chrisyounger
SplunkTrust
SplunkTrust

Hi @evelenke

This is an almost impossible question to answer as it can be heavily customised and all customers are different.

Here is some very very rough numbers for you to consider, but please talk to your Splunk sales rep:

Windows servers: ~ 250MB/server
Unix servers: ~500MB/day
Virtualization logs: ~500MB/day
Cloud logs: ~500MB/day
Other monitoring, such as website checks etc: 250MB/day

Hope this is helpful. I have take the numbers from the Splunk DSA checklist, but you should not rely on these figures for anything.

View solution in original post

chrisyounger
SplunkTrust
SplunkTrust

Hi @evelenke

This is an almost impossible question to answer as it can be heavily customised and all customers are different.

Here is some very very rough numbers for you to consider, but please talk to your Splunk sales rep:

Windows servers: ~ 250MB/server
Unix servers: ~500MB/day
Virtualization logs: ~500MB/day
Cloud logs: ~500MB/day
Other monitoring, such as website checks etc: 250MB/day

Hope this is helpful. I have take the numbers from the Splunk DSA checklist, but you should not rely on these figures for anything.

evelenke
Contributor

Any rough calculation is helpful, thanks a lot!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...